Sample name: | IMGRO Facturi nepl#U0103tite 56773567583658567835244234Bandido.vbsrenamed because original name is a hash value |
Original sample name: | IMGRO Facturi nepltite 56773567583658567835244234Bandido.vbs |
Analysis ID: | 1538533 |
MD5: | a8da570deac5f16a0050802c0da5d7dd |
SHA1: | 9d8992e3770e41d8a431350e1cef73492dc240ea |
SHA256: | c51c0afd1207879df1f42ac10c7c0bca5397c6b461a6423dbe58b091dc659e6d |
Tags: | vbsuser-lowmal3 |
Infos: | |
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Remcos, RemcosRAT | Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity. |
|
|
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
|
AV Detection |
---|
Source: |
Malware Configuration Extractor: |
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
Source: |
Integrated Neural Analysis Model: |
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
Source: |
Binary string: |
Software Vulnerabilities |
---|
Source: |
Child: |
Networking |
---|
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
Source: |
URLs: |
Source: |
DNS query: |
Source: |
Process created: |
Source: |
TCP traffic: |
Source: |
IP Address: |
Source: |
ASN Name: |
Source: |
JA3 fingerprint: |
||
Source: |
JA3 fingerprint: |
Source: |
Suricata IDS: |
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
Source: |
DNS traffic detected: |
||
Source: |
DNS traffic detected: |
||
Source: |
DNS traffic detected: |
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
Source: |
Network traffic detected: |
||
Source: |
Network traffic detected: |
||
Source: |
Network traffic detected: |
||
Source: |
Network traffic detected: |
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
E-Banking Fraud |
---|
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
System Summary |
---|
Source: |
Matched rule: |
||
Source: |
Matched rule: |
||
Source: |
Matched rule: |
Source: |
COM Object queried: |
Jump to behavior | ||
Source: |
COM Object queried: |
Jump to behavior |
Source: |
Process created: |